SecureOps

Posted Today

SOC - Level 2 Cyber Security Analyst

Prague | On-site | Full-time

About this role

Position Summary

Reporting to the SOC Team Leader, the Level 2 Cyber Security Analyst is technically responsible for advanced qualification of security events, in-depth investigations, incident handling, security research, and a limited amount of content development. To continually support the client mandate, the Level 2 Analyst also has non-technical responsibilities: providing input into existing processes and workflows and suggesting where future documentation is needed. The Level 2 Analyst is also expected to mentor and guide Level 1 analysts in support of team growth and development.



Responsibilities and Duties:

Primary Responsibilities and Duties:

  • Qualify SIEM incidents reported by Level 1.
  • Investigate beyond the depth and technical expertise expected of Level 1.
  • Perform incident response and report findings to customers.
  • Handle incident escalations from Level 1.
  • Qualify and escalate security incidents to our customers based on the incident severity.
  • Perform security research to suggest SIEM use-cases and refine investigation methods.
  • Suggest improvements to the current SIEM content.
  • Communicate directly with customers during meetings or escalations.
  • Define or update processes and other documentation.


Secondary Responsibilities and Duties:

  • Guide and mentor Level 1 Cyber Security Analysts.
  • Quality Control (detections/tickets).
  • Assist with the training of Level 1 analysts.



Qualifications and Skills:

  • Ideally, working experience in a Security Operations Center or another cybersecurity team.
  • Intermediate knowledge of SIEM (ideally Microsoft Sentinel, XDR and Google SecOps) and/or IPS-related technologies is mandatory.
  • Strong analytical & technical skills. Ability to develop hypotheses for security events using limited, ambiguous, or conflicting information.
  • Ability to lead and communicate efficiently within a team environment.
  • Good English skills (both written and verbal).
  • Professional certifications such as CCNA, CEH, SANS GCIA or GCIH, eCTHP or eCDFP are a plus.
  • Education: (Preferred) Bachelor of Science degree in Computer Science, Computer Engineering, Information Technology or equivalent.
  • 1+ years working within the information security field, with emphasis on security operations, incident management, intrusion detection, and security event analysis.
  • Knowledge of technical writing and documentation, and the ability to map processes and procedures back to roles and responsibilities within the organization.
  • Great customer service skills.



Our Benefits:

  • Vacation: 5 days above the standard length set by the Labour Code
  • PTO: 5 days (number of days times number of shift hours = 40 or 37.5 hours)
  • Meal tickets
  • Flexipass
  • Pension plan
